1
Anatomy of a Large Scale Email Attack
Bob Adams - Cybersecurity Strategist
2
91% of all incidents start with a phish
Wired
3
Countdown to a breach
100 Seconds: median time-to-first-click*
Verizon 2016 Data Breach Investigations Report (DBIR)
4
Targeted attacks are well researched
6
Malware – Wreaking Havoc
7
Steals or encrypts data
Deletes sensitive data
Alters or hijacks core computing functions
Monitors users' activity without their knowledge
8
Ransomware – Holding Data Hostage
10
Malware Ransomware ‘as a business’
Ransomware = $1B “Business” in 2016
12
Source: F-Secure
13
“It takes an attacker longer to organize your data than it takes them to get it” -Bob Adams, Mimecast
14
Hacker’s Toolbox: Hunter
15
Your Company Website & Email Hunter
Your Executive Team Will Be Found
16
Hunter, Rapportive
17
Hacker’s Toolbox: Hunter, Rapportive, FreeERISA
18
What about other countries?
19
Real life examples with email
20
Vector: Phishing attack
Threat: Password grab
Target: Random mass-mailing
21
Vector: Phishing attack
Threat: Password grab
Target: Random mass-mailing
22
Vector: Phishing attack
Threat: Password grab
Target: Random mass-mailing
23
Vector: Phishing with attachment
Threat: Document with malicious code
Target: Targeted mailing
24
Vector: Phishing with attachment
Threat: Document with malicious code
Target: Targeted mailing
25
Vector: Phishing with attachment
Threat: Document with malicious code
Target: Targeted mailing
26
Who Says Attacks Need to Involve Malware?
Business Compromise
Whaling
Wire transfer or W-2/P60 Fraud
27
“…are also charging ransoms based on the number of hosts infected…suggested ransom amounts that vary depending on the geographic location of the victim.”
28
Vector: Spear phishing attack
Threat: Impersonating senior staff
Target: An employee with authority
29
Let’s examine this attack more closely and see how it could have been prevented by fixing the Human Firewall
30
Perform User Name Checks – Attackers Know Your Leadership Team And Will Impersonate Them!
Remember: Everyone Is A Potential Target!!!
31
Check For Common Keywords Used By Attackers – e.g.: Wire Transfer, Wire Payment, W2, P60, etc.
32
Check For Similar Domains – Not Your Spoofed Domain, But A Slight Variation
33
Examine the Domain Age – How often do you work with new domains?
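The four checks from slides 30 to 33, combined into one screening function for inbound mail. This is an added example, not code from the presentation or from Mimecast; the own domain, executive names, thresholds and sample message are constructed, and the domain registration date is assumed to come from a separate WHOIS lookup.

```python
from datetime import date

# All names, addresses, dates and thresholds below are constructed for illustration.
OWN_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}           # leadership display names
KEYWORDS = ("wire transfer", "wire payment", "w2", "w-2", "p60")
MIN_DOMAIN_AGE_DAYS = 30                       # assumed policy threshold


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def impersonation_flags(display_name, address, subject, body, domain_registered, today):
    """Return the names of the checks an inbound message trips."""
    domain = address.rsplit("@", 1)[-1].lower()
    external = domain != OWN_DOMAIN
    text = f"{subject} {body}".lower()
    flags = []
    # Slide 30: a leadership name on a message that did not come from our domain.
    if external and display_name.strip().lower() in EXECUTIVES:
        flags.append("executive_name_external_sender")
    # Slide 31: payment and tax-form keywords.
    if any(k in text for k in KEYWORDS):
        flags.append("payment_or_tax_keyword")
    # Slide 32: a slight variation of our domain, not the domain itself.
    if external and 0 < edit_distance(domain, OWN_DOMAIN) <= 2:
        flags.append("similar_domain")
    # Slide 33: sender domain registered very recently.
    if external and (today - domain_registered).days < MIN_DOMAIN_AGE_DAYS:
        flags.append("new_domain")
    return flags


# Constructed sample: a lookalike domain registered four days before the message.
SAMPLE = dict(display_name="Jane Doe", address="jane.doe@examp1e.com",
              subject="Urgent request", body="Please process a wire transfer today.",
              domain_registered=date(2024, 5, 6), today=date(2024, 5, 10))

if __name__ == "__main__":
    print(impersonation_flags(**SAMPLE))
```

A single flag is weak evidence on its own; holding a message for review when two or more fire together keeps false positives manageable.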
34
Are Users part of the solution or part of the problem?
Compromised Accounts: Stolen User Credentials. Utilize Corp Web mail to spread attack internally or externally to partners/customers
Mimecast - First to Market delivering: Internal Protect
Careless Users: Sending sensitive data internally such as projects and PII. “Oops, sent it to the wrong Michael…”
Malicious Insiders: Purposely distributing malware or malicious URLs
35
Can you confidently say you have done everything possible to protect your organization from cyberattacks? Do you have a Cyber Resilience Strategy in place?
36
Cyber Resilience Strategy
Protect: You need the technology that provides the best possible multi-layered protection
Continue: You need to continue to work while the issue is resolved
Remediate: You need to get back to the last known good state
37
Our Next Steps Together
Security, Archiving, Continuity
Another Presentation: Who needs to hear this? Higher authority?
Demo: Getting the technical teams together for a demo on how we help?
Conversation: Challenges; Business drivers – internal and external
38
Security Risk Assessment
39
But if you just want the deck? Just lonely?
Drop me a line at: @IAmTheBobAdams